Device for protecting against unauthorized use of software

ABSTRACT

A device for protecting against unauthorized use of software, characterized in that a first processor emulates a second processor, whereby the second processor executes program code and the second processor transmits data to a computing system running the software in a process, whereby the process enters an error condition if the data contain errors.

CROSS-REFERENCE TO RELATED APPLICATION(S)

This application is the national stage of PCT Application No. PCT/EP03/02602 filed Mar. 13, 2003 for “Device for Protecting Against Unauthorized Use of Software” by Bernd Peeters and Wulf Harder, which in turn claims priority from German Application No. 202 04 651.6 filed Mar. 18, 2002.

BACKGROUND OF THE INVENTION

The invention refers to a device for protecting against the unauthorized use of software.

State-of-the-art: in the SAM copy protection system from Comprotec, encrypted, secret programs of a protected PC application are transmitted to a dongle connected to the PC. The dongle contains a device for decrypting and executing the program. During execution of the program, unencrypted data are exchanged with the protected application. The protected application only works properly if the data exchanged are without errors. This is only possible if the dongle is connected to the PC. The dongle is usually distributed together with the protected application. Since the dongle is very difficult or even impossible to reproduce without knowledge of the secret technical details and the programs run on the dongle are kept secret, unauthorized use of the application is prevented. The secret programs can also read and write to a persistent memory on the dongle. This enables, for example, license information to be transmitted to the dongle without this procedure being manipulated externally.

The disadvantage of this copy protection device is that the copy protection manufacturer cannot change the processor type on the dongle without requiring considerable changes to the protected applications and the secret program code. Moreover, the application provider is committed to using a dongle from a particular provider of copy protection. The use of dongles from other copy protection providers is generally not possible without changing the application if these use other types of processors. Another disadvantage is that the copy protection provider can only use processors that enable the program code to be read from RAM. Since the programs should be replaceable, reading from a ROM or EPROM is not an option. Using smart card controllers which meet high security standards is generally not possible, since these generally only run permanently stored program code. Furthermore, the creation of a standard for license transactions is not possible if providers of copy protection use various processor types with diverse instruction sets.

BRIEF SUMMARY OF THE INVENTION

The present invention is based on the object of enabling secret, exchangeable program code for protection against unauthorized use of an application to be executed independently of the processor type, and of enabling the use of controllers with permanent program storage, particularly smart card controllers, for execution. In addition, the creation of a standard for license transactions should be supported.

BRIEF DESCRIPTION OF THE DRAWINGS

The sole FIGURE is a block diagram illustrating a device for protecting against the unauthorized use of software according to an embodiment of the present invention.

DETAILED DESCRIPTION

The object is solved as follows. A first processor 2 emulates a possibly virtual second processor 3. The architecture and instruction set of the second processor 3 can be published. A provider of copy protection can implement the instruction set in an instruction interpreter on the processor type of his choice. A protected application is independent of the implementation of this instruction interpreter and of the specific properties of the first processor 2. The copy protection devices of various manufacturers are compatible with one another. A protected application can work in conjunction with the copy protection devices of various manufacturers. This consequence is particularly important if the copy protection device is to be built into mobile telephones. A further consequence is that a provider of copy protection can change the first processor 2 any time, if for example it is no longer available, without the provider of an application having to change the application.

The choice of a smart card controller is also possible; it is even possible to let a processor of the computer system 7, such as the processor of the PC hosting the application or a security controller installed on the PC motherboard, emulate the second processor 3. In one embodiment, the secret program codes 4 are transmitted in encrypted form to the first 2 or second processor 3, decrypted and executed. This can happen in one step or several partial steps. Preferably, the secret program codes 4 will be transmitted from the computing system 7 to the first 2 or second processor 3. In order to keep the memory requirement for emulation low, it can be a good idea to perform the transmission in several partial steps. After each partial step, the first processor 2 informs the computing system which program code 4 should be sent next, which depends on the status of the second processor 3, in general on the newly calculated program counter. Virtual program storage is achieved this way. A virtual data store for the second processor 3 can also be implemented this way.

In a further embodiment of the invention, the encryption and decryption are carried out in two steps. During encryption, the program code 4 is encrypted with a symmetric encryption key 8. The key 8 is then encrypted with a public key 9 and transmitted together with the program code 4 to the first 2 or second processor 3. The receiving processor then decodes the key 8 with an appropriate private key 10. Then the key 8 is used to decode the program code 4. This procedure enables an application developer to choose the processors or processor types for executing the program code 4. If, for example, a processor type does not appear secure to the application developer, so that it is feared the secret program code 4 may become known, then the application developer encrypts the program code 4 with public keys 9 from processor types that appear secure rather than with the public key 9 assigned to this processor type.
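The two-step scheme above, sketched as an added example that is not part of the patent text: the program code 4 is encrypted once under key 8, and key 8 is wrapped only under the public keys 9 of processor types the developer trusts. The function names, the processor type labels, the hash-based stream cipher and the textbook RSA built from small constructed primes are all assumptions chosen so the sketch runs with the standard library; they are not secure parameters.

```python
import hashlib

E = 65537

def keypair(p, q):
    # Textbook RSA from constructed toy primes, no padding: illustration only.
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))        # public key 9, private key 10

def stream_xor(key8, data):
    # Stand-in symmetric cipher keyed by key 8 (hash in counter mode,
    # unauthenticated). The same call encrypts and decrypts.
    pad = b"".join(hashlib.sha256(key8 + i.to_bytes(4, "big")).digest()
                   for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))

def package(program, key8, trusted_public_keys):
    """Developer: encrypt the code once, wrap key 8 per trusted processor type."""
    k = int.from_bytes(key8, "big")
    wrapped = {name: pow(k, e, n) for name, (n, e) in trusted_public_keys.items()}
    return {"code": stream_xor(key8, program), "wrapped": wrapped}

def unpack(bundle, proc_type, private_key):
    """Processor: recover key 8 with private key 10, then decode program code 4."""
    if proc_type not in bundle["wrapped"]:
        return None                            # developer did not trust this type
    n, d = private_key
    key8 = pow(bundle["wrapped"][proc_type], d, n).to_bytes(16, "big")
    return stream_xor(key8, bundle["code"])

# Constructed sample data: two hypothetical processor types with toy keys.
SMARTCARD_PUB, SMARTCARD_PRIV = keypair(2**61 - 1, 2**89 - 1)
LEGACY_PUB, LEGACY_PRIV = keypair(2**107 - 1, 2**127 - 1)
KEY8 = bytes(range(16))
PROGRAM = b"constructed secret program code 4 for the second processor"
```

A processor type left out of `trusted_public_keys` never receives a wrapped copy of key 8, so the developer's choice of recipients is enforced by the bundle itself rather than by the application.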

The second processor 3 could, for example, read and write license information in a persistent memory. If the instruction set of the second processor 3 includes cryptographic instructions, second processors 3 can exchange encrypted data among themselves or, for example, a second processor 3 can emulate other data generators that execute cryptographic functions.

Public key procedures can be used for the transfer of license information from one processor to another processor 3. This generally enables encryption and authentication of data transferred between second processors 3.

Another option for emulating a second processor 3, besides a dongle connected to a PC, is the use of wireless, preferably handheld devices, such as mobile telephones, pocket computers, etc. This option makes it easier for the user of the protected application to handle the copy protection. For example, the user need only have his mobile telephone with him and can then also use a protected, but licensed application even at other locations without manual intervention. Furthermore, the user can use an Internet connection or dial a particular telephone number to transfer a software license to his mobile telephone. In the latter case, the license value could be billed via the telephone invoice. In addition, with mobile telephones there is the option to use the security controller that is usually present to emulate the second processor 3.

The invention will be described below using an example referring to FIG. 1. A dongle connected to a computing system 7 contains a first processor 2 with an instruction set containing an instruction for decoding. In addition, the first processor 2 contains a working register and RAM and is externally protected against reading and manipulation of the contents of memory. A program stored in a ROM of the first processor 2 emulates a second processor 3, which also contains a working register and RAM. This RAM and this working register are saved in the RAM of the first processor 2 during this process. The instructions of the second processor 3 are implemented using an interpreter that is also stored in the ROM of the first processor 2, which recognizes the instruction operating codes of programs intended for the second processor 3 and triggers certain actions for each recognized instruction, such as changing the register contents of the second processor 3 or sending and/or receiving data from the computing system 7. An application 1 is started on the computing system. The application 1 transmits an encrypted program code 4 to the first processor 2. The first processor 2 decodes the program code 4 using its decoding instruction. Now the interpretation of the decoded program code begins on the first processor 2, which is equivalent to emulation of a second processor 3. The program code 4 contains instructions with which data sent by the computing system 7 are received. These data are processed using the interpreted program code 4, and the results needed by the active application 1 are sent to the computing system 7. If the results are not received or mistakes are found in the results, the process executing the application 1 goes to an error condition, in which for example the application 1 deviates from its intended behavior. As a result, the proper utilization of the application 1 is prevented and the application 1 is thereby protected against unauthorized use.
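The interpreter in this example, combined with the virtual program storage described earlier (the first processor 2 requests the next piece of program code 4 according to the new program counter), can be sketched as follows. This is an added example, not code from the patent: the six-opcode instruction set, the page size, the hash-pad `crypt_page` standing in for the decoding instruction, and the digest comparison in `run_application` are all assumptions.

```python
import hashlib

IPP = 2                                       # instructions per page (assumed size)
HALT, RECV, ADDI, XORI, JNZ, SEND = range(6)  # hypothetical 2-byte instruction set

def crypt_page(key, page_no, data):
    # Stand-in for the first processor's decoding instruction: XOR with a
    # hash-derived pad. Illustration only, not a vetted cipher.
    pad = hashlib.sha256(key + page_no.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def protect(key, program):
    """Developer side: split program code 4 into encrypted pages."""
    size = 2 * IPP
    return [crypt_page(key, i // size, program[i:i + size])
            for i in range(0, len(program), size)]

def emulate(key, fetch, inputs, max_steps=1000):
    """First processor 2 interpreting code for processor 3; fetch() asks system 7."""
    acc, pc, cached, page, out, asked = 0, 0, None, b"", [], []
    inputs = list(inputs)
    for _ in range(max_steps):                # bound runaway or corrupted code
        if pc // IPP != cached:               # program counter left the cached page:
            cached = pc // IPP                # request the page it now points at
            asked.append(cached)
            page = crypt_page(key, cached, fetch(cached))
        op, arg = page[2 * (pc % IPP)], page[2 * (pc % IPP) + 1]
        pc += 1
        if op == HALT: return out, asked
        elif op == RECV: acc = inputs.pop(0)
        elif op == ADDI: acc = (acc + arg) & 0xFF
        elif op == XORI: acc ^= arg
        elif op == JNZ: pc = arg if acc else pc
        elif op == SEND: out.append(acc)
        else: raise ValueError("illegal opcode")
    raise RuntimeError("step limit exceeded")

def run_application(ask_dongle, challenge, expected_digest):
    """Application 1: continue only if the result is present and correct."""
    try:
        reply = ask_dongle(challenge)
    except (IndexError, ValueError, RuntimeError):
        reply = None
    good = reply is not None and hashlib.sha256(bytes(reply)).digest() == expected_digest
    return "run" if good else "error condition"

KEY = b"constructed-device-key"               # constructed sample key
PROGRAM = bytes([RECV, 0, JNZ, 4, ADDI, 0x99, JNZ, 6,   # constructed sample program
                 XORI, 0x5A, ADDI, 0x11, SEND, 0, HALT, 0])
```

With the sample program, a non-zero challenge makes the emulator request pages 0, 2 and 3, while a zero challenge requests pages 0, 1 and 3, so the computing system only ever supplies the code the current program counter needs.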

1. A device for protecting against unauthorized use of software, comprising: a computing system running the software in a process, wherein running the software requires transmission of predetermined program code to a predetermined second processor, execution of the predetermined program code by the second processor, and communication of data between the second processor and the computing system to ensure only authorized use of the software; and a first processor emulating the second processor, wherein the first processor is operable to receive the predetermined program code from the computing system, to interpret and execute the predetermined program code according to protocols of the second processor, and to transmit data to the computing system processed using the predetermined program code; whereby the process of running the software enters an error condition if the data transmitted to the computing system is not received or contains errors, without affecting the emulation of the second processor by the first processor, the error condition preventing proper utilization of the software.

2. The device according to claim 1, wherein the first processor is a microcontroller, a smart card controller or a processor of the computing system.

3. The device according to claim 1, wherein the first processor is operable to receive the predetermined program code in encrypted form and to decrypt it.

4. The device according to claim 3, wherein the first processor is further operable to receive a symmetric key being encrypted with a public key, the predetermined program code having been encrypted with the symmetric key, so that subsequently the symmetric key is decryptable with a private key associated with the public key allowing the predetermined program code to be decrypted with the symmetric key.

5. The device according to claim 1, wherein the protocols of the second processor include an instruction set that contains instructions that can read from and/or write to a persistent memory.

6. The device according to claim 1, wherein the protocols of the second processor include an instruction set that contains cryptographic instructions.

7. The device according to claim 6, wherein the instruction set contains instructions for executing public key encryption processes.

8. The device according to claim 1, wherein the first processor is located in a portable, wireless device.

9. The device according to claim 8, wherein the portable, wireless device is a mobile telephone, a personal digital assistant (PDA), a handheld computer or a combination thereof.

10. The device according to claim 9, wherein the device receives software license information by means of a telephone connection, and this information is able to be queried by the predetermined program code.

11. The device according to claim 1, wherein the first processor communicates license information via an Internet connection.

12. The device according to claim 1, wherein the first processor is located in a dongle communicatively connected to the computing system.